🚨Week 29: Chinese Threat: NFC-Enabled Fraud in the Philippines Financial Sector, EU Stalls Probe into Musk’s X, Cybercrime Group NoName057(16) and more.

Insights into Cyber Risks, Threat Intel, Government and Regulations, Startup and VC updates

The Cybersecurity Club is running its first survey, capturing Top Risk H1 2025. The first half of 2025 has already seen major shifts in the cyber landscape - AI-powered phishing attacks are on the rise, ransomware is hitting critical infrastructure harder than ever, and supply chain breaches continue to disrupt operations worldwide. Emerging threats like quantum risks and AI-driven attacks are reshaping how we think about security, all while talent shortages and new regulations add to the challenge.

This quick 10-minute survey is designed to capture the most pressing cybersecurity risks and trends impacting organizations in the first half of 2025. Your insights are invaluable in helping us build a comprehensive risk landscape overview.

You can access the survey here: Survey Link

North Korea-Linked Hackers Target macOS with "Nimdoor" via Fake Zoom Updates

Chinese-speaking cybercriminal syndicates, including the Smishing Triad, are actively conducting sophisticated NFC-enabled fraud operations against the Philippine financial sector. These actors exploit mobile payment systems like GCash and Maya using smishing (SMS phishing), Host Card Emulation (HCE) tools, fraudulent point-of-sale (POS) terminals, and compromised eSIM technology. Underground marketplaces - particularly Telegram bots and dark web shops - facilitate large-scale distribution of stolen card data.

Analysts report a 230% year-over-year increase in China-originated dark web activity linked to Philippine financial fraud. These attacks threaten consumer trust, mobile wallet adoption, and national economic resilience.

🔍 Key Briefing Points (What Happened)

  • Dramatic Threat Escalation

    • China-origin NFC fraud targeting the Philippines surged ~230% in Q2 2025 compared to the previous year.

  • Targeted Ecosystem

    • Primary victims: mobile wallets (GCash, Maya), POS infrastructure, retail/hospitality outlets used as laundering sites.

  • Malicious Tactics & Tools

    • Smishing kits (“Panda Shop”) for credential harvesting.

    • HCE tools like Z‑NFC, Track2NFC, SuperCard X for fake tap-and-pay transactions.

  • Underground Ecosystem

    • Compromised card data sold via Telegram bots (e.g., “Lita’s Shop,” “Hulk Vault”) and dark-web shops offering thousands of Filipino-issued cards.

  • Laundering Infrastructure

    • Fraudulent POS terminals (software/hardware compromised, eSIM‑equipped) process $25k–$80k per day, often hidden in legitimate outlets.

  • Local Syndicate Collaboration

    • Chinese actors partnering with Filipino money mules to expand laundering networks; local POS onboarding and merchant vetting are weak.

  • Wider Regional Spread

    • Though focused on the Philippines, similar tactics are emerging across Southeast Asia and global markets.

💻 Malware and Vulnerabilities

Chrome issues security update for desktop: Google released a stable-channel Chrome update addressing multiple zero-day vulnerabilities and critical security flaws. Users are urged to update immediately to maintain browser integrity and user data protection. Link

CitrixBleed 2 exploit spotted pre‑public POC: GreyNoise warned of active exploitation of CVE-2025-5777, dubbed “CitrixBleed 2.” Attackers are targeting unpatched Citrix servers before public proof-of-concept disclosure—urgent patching is advised. Link

Messaging app under zero‑day attack: GreyNoise reports ongoing active exploits targeting an unnamed Signal-based messaging app via a newly discovered zero-day vulnerability, placing user communications at risk; applying the fix is critical. Link

📈 Breaches and Incidents

Ransomware cripples top South Korean insurer: Seoul Guarantee Insurance, the country’s largest guarantor, suffered a ransomware attack that disrupted internal systems and halted core operations. The incident triggered collaboration with regulators and external cybersecurity teams. While no data leak has been confirmed, concerns persist over potential exposure of confidential customer and corporate information. The attack underscores escalating ransomware threats facing critical financial infrastructure. Link

United Australia Party discloses ransomware attack: On June 23, the United Australia Party acknowledged a ransomware breach affecting personal data, including names, emails and phone numbers of party members. The incident was reported to the Office of the Australian Information Commissioner (OAIC), and cybersecurity consultants have been engaged to contain and investigate the intrusion. The party did not confirm whether a ransom was paid, but vowed to notify affected individuals and bolster data protections. Link

Qantas wins injunction to stop leaked data: Australian carrier Qantas secured a legal injunction preventing release of customer data stolen during a recent cyberattack. Hackers had threatened to publish the information, prompting the airline’s swift legal response. Qantas is working with cybersecurity firms and authorities to assess breach scope and safeguard customer privacy. Investigators are still evaluating how the attackers accessed the data. Link

BBC live updates: UK hit by Cosmo ransomware: Live BBC coverage tracks a ransomware wave tied to the Cosmo gang, which has disrupted UK public services. Officials are weighing ransom demands while the National Cyber Security Centre (NCSC) leads mitigation efforts. The evolving crisis highlights vulnerabilities across critical infrastructure. Link

Er Srbija responds to hacker attack: Serbian flag carrier Er Srbija confirmed a cyberattack targeting its IT infrastructure. The airline asserts no flight disruptions or data leaks have been confirmed and says its incident response team is actively strengthening network defences and investigating the breach. Link

BigONE exchange reveals hot-wallet breach: On July 16, cryptocurrency exchange BigONE disclosed that unauthorized access impacted a third-party hot wallet, resulting in asset theft and a temporary operational freeze. The company is collaborating with external security specialists to assess losses, enhance wallet protections, and has pledged transparency and potential reimbursement. Link

Chinese hackers breach US law firm: U.S. cybersecurity sources suspect Chinese state-linked hackers infiltrated a major American law firm, exfiltrating confidential legal documents and client records. The breach has raised alarms about legal-sector cybersecurity and potential national security impact. Federal authorities are investigating the scope and potential regulatory implications. Link

Czech agency issues warning on Deepseek flaws: National cyber authority NUKIB issued an alert on vulnerabilities in AI products by Deepseek, a Chinese tech company. The flaws could enable data extraction or espionage. The agency advised immediate suspension of affected systems until patches are deployed and further assessments are made. Link

🚨 Threat Intel & Info Sharing

FCC to ban Chinese tech in undersea cables: The U.S. FCC proposed new rules to bar Chinese-made equipment from undersea cables connecting to the U.S., citing espionage concerns. The plan includes license denials, equipment bans, and tighter cybersecurity standards, aligning with broader tech‑decoupling efforts. Link

Europol disrupts pro‑Russian DDoS group NoName057(16): Operation Eastwood, coordinated by Europol and partners, dismantled more than 100 servers belonging to NoName057(16), a hacker group conducting DDoS attacks in support of Russia’s geopolitical aims. Multiple arrests and infrastructure seizures followed. Link

Spain grants Huawei surveillance contracts: Spain’s intelligence agency awarded Huawei contracts for surveillance and wiretapping systems, marking a notable expansion of the Chinese firm’s presence in European national security infrastructure. Link

UK NCA targets international scam centre: The UK’s National Crime Agency led an international operation dismantling a major fraud hub, coordinating with global partners to disrupt phone and online scams and protect consumers. Link

Chinese NFC fraud gang hits Philippine banks: Analysts exposed a China-linked cyber group exploiting NFC-enabled devices to siphon funds from Philippine financial institutions via contactless fraud and social engineering. Link

⚖️ Laws, Policies and Regulations

Cloudflare joins UK piracy-blocking orders: Cloudflare has begun enforcing UK court orders by blocking access to roughly 200 pirate sites, issuing “Error 451 – unavailable for legal reasons.” Previously limited to ISPs, this move marks a shift in enforcing copyright injunctions through intermediaries beyond residential internet providers. Link

EU delays Digital Services Act probe into X: The European Commission is postponing its investigation under the DSA into Elon Musk’s X platform, citing ongoing EU‑U.S. trade negotiations. The probe—potentially exposing X to hefty fines or operational bans—is now expected after the conclusion of diplomatic talks. Link

U.S. House to examine Stuxnet’s legacy on OT security: At a Homeland Security hearing, Rep. Garbarino invoked Stuxnet’s 15-year legacy to scrutinize current threats to operational technology systems. Industry experts will testify on evolving malware tactics targeting critical infrastructure. The session aims to guide strategy for protecting industrial control environments. Link

Australia to establish cyber reserves by 2026: Australia’s Defence Force will launch a volunteer cyber reserves unit by early 2026. The move addresses talent shortages, enhances resilience, and enables rapid national response to sophisticated cyber threats by leveraging skilled civilians. Link

UK bails four over attacks on major retailers: Four individuals, aged between 17 and 20, were bailed after being arrested for alleged cyberattacks on Marks & Spencer, Co‑op, and Harrods. The National Crime Agency tied the campaign to hacker collective Scattered Spider. The investigation remains high priority. Link

Cambodia issues nine‑point anti‑scam order: The Royal Government of Cambodia mandated a nine-point national campaign to curb online scams, including stricter regulations, enhanced enforcement, public education, and cross-border coordination to safeguard citizens and regional financial stability. Link

EU publishes AI governance framework: The European Commission launched the “European approach to artificial intelligence,” focusing on trustworthy AI, risk-based regulation, human oversight, and harmonised standards to ensure safe and innovation-friendly deployment of AI across member states. Link

⚖️ Cybersecurity Start Ups and VCs

Co-op Teams Up With Cybersecurity Startup To Tackle Growing Cyber Threats. New partnership aims to redirect young cyber talent into ethical careers following recent attack. LINK

Mid‑year crypto crime report signals surging losses: Chainalysis’ mid‑2025 update reveals crypto-related crime climbing sharply, driven by phishing, hacking, and fraudulent schemes. It recommends stronger user protections, tighter decentralized finance governance and enhanced blockchain tracing capabilities. Link

Venn Network thwarts DeFi backdoor attack: Venn Network discovered a malicious backdoor in an unnamed DeFi protocol, which allowed clandestine withdrawal of funds. Quick emergency measures contained the threat, preserving assets and prompting calls for more robust smart contract audits. Link
